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Amendments to the Claims 

1 (currently amended): A method for dynamically tracking a user session in order 
to authent i cat i ng and author i z i ng computer users authenticate and authorize a computer 
user the method comprising the steps of: 

a. storing security information for a plurality of computer users in a user profile 

database; 

b. receiving at an authorization server coupled with the user profile database 

log-in information from a the computer user who has launched a 
computer application; 

c. in response to step b, creating a Session ID for the computer user with the 

authorization server; 

d. storing at least a portion of the Session ID on the user's computer; 

e. also in response to step b, creating an object associated with the computer 

user or the Session ID; 

f. storing the object dynamically in a directory coupled with the authorization 

server; 

g. copying at least some of the security information relating to the computer 

user from the user profile database to the object in the directory; 

h. comparing the log-in information entered by the computer user to the 

security information for the computer user and allowing the computer 
user access to the launched computer application if the user is an 
authenticated or authorized user of the computer application; and 

i. permitting other computer applications launched by the computer user to 

reference the Session ID on the user's computer so that the other 
computer applications may access the object for the computer user 
on the directory to authenticate or authorize the user for the other 
computer applications without requiring the user to re-enter the log-in 
information. 

2 (original): The method as set forth in claim 1, the security information including 
authentication and authorization information. 

3 (original): The method as set forth in claim 2, the authentication and authorization 
information including at least one of the following: user names, user IDs, passwords, 
public-key data, certificates, and access control information. 
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4 (currently amended): The method as set forth in claim 1. the Session ID being 
based on at least one of the following: a date on which the computer user launched the 
computer application; a time in which the computer user launched the computer 
application; a TCP/IP address of the computer user; and a user name of the computer 
use r; and an account cod e. 

5 (original): The method as set forth in claim 1 , further including the steps of creating 
a shopping cart and storing the shopping cart along with the object in the directory. 

6 (original): The method as set forth in claim 5, further including the steps of allowing 
the user to select items to be purchased and storing information relating to the selected 
items in the shopping cart. 
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7 (currently amended): A system for dynamically tracking a user session in order to 
authent i cat i ng and author i z i ng computer users authenticate and authorize a computer user , 
the system comprising: 

a user profile database for storing security information for a plurality of computer 
users; 

an authorization server coupled with the user profile database for receiving log-in 
information from a computer user who has launched a computer application, 
for creating a Session ID for the computer user, for storing at least a portion 
of the Session ID on the user's computer and for creating an object 
associated with the computer user or the Session ID; and 

a directory coupled with the authorization server for dynamically storing the object 
created by the authorization serverrand^ 

the authorization server being further operable for copying at least some of the 
security information relating to the computer user from the user profile 
database to the object in the directory, comparing log information entered by 
the computer user to the security information for the computer user and 
allowing the computer user access to the launched computer application if 
the user is an authenticated or authorized user of the computer application, 
permitting other computer applications launched by the computer user to 
reference the Session ID on the user's computer so that the other computer 
applications may access the object for the computer user on the directory to 
authenticate or authorize the userforthe other computerapplications without 
requiring the user to re-enter the log-in information. 

8 (original): The system as set forth in claim 7, the security information including 
authentication and authorization information. 

9 (original): The system as set forth in claim 8, the authentication and authorization 
information including at least one of the following: user names, user IDs, passwords, 
public-key data, certificates, and access control information. 
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10 (currently amended): The system as set forth in claim 7, the Session ID being 
based on at least one of the following: a date on which the computer user launched the 
computer application; a time in which the computer user launched the computer 
application; a TCP/IP address of the computer user; and a user name of the computer 
use r; and an account code . 

1 1 (original): The system as set forth in claim 7, the authorization server being 
further operable for creating a shopping cart and storing the shopping cart along with the 
object in the directory. n 

12 (original): The system as set forth in claim 11, the authorization server being 
further operable for allowing the user to select items to be purchased and storing 
information relating to the selected -items in the shopping cart. 



